HP Plugs 'Critical' Tru64 UNIX Flaws

By Ryan Naraine (Send Email)
Posted Mar 5, 2004


HP has issued a security patch to plug "highly critical" holes in its HP Tru64 Unix operating system with a warning that a successful exploit could lead to system takeover.

HP issued a security patch Friday to plug 'highly critical' holes in its HP Tru64 Unix operating system. It warned that a successful exploit could lead to system takeover.

The company did not provide details of the vulnerabilities, which are a result of unspecified errors within the certificate handling of IPsec/IKE. IPSec, widely deployed to implement corporate Virtual Private Networks (VPNs), provides cryptographically based security for the IP protocols.

Products affected by the security vulnerabilities include the HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24) and the HP Tru64 UNIX 5.1A PK6(BL24).

Research firm Secunia, which rates the flaws as "highly critical," says malicious hackers can take control of vulnerable systems remotely.

HP repair kits have been posted online here and here.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.